mariuszm0
(Mariuszm0)
26 January 2006 18:34
#1
My problem is that something is malfunctioning and I don't know what. I have already scanned with probably everything possible and found nothing. The symptoms are that my program settings get thrown out, as do the programs themselves, the system hangs frequently, etc.
Logfile of HijackThis v1.97.7
Scan saved at 19:09:22, on 2006-01-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\spy sweeper\WRSSSDK.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EUROBA~1\erobar.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Draco Software\Draco Organizer 2\Organizer.exe
E:\programy\wszystko na wirusy\HijackThis V1.97.7\HijackThis V1.97.7\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe”
O4 - Startup: Eurobarre.lnk = C:\Program Files\eurobarre\eb.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestSc … stscan.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/ … 3/myv3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house … hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot … r37540.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot … WebAAS.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh … wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/574/w … lashAX.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip…{4768AA7B-434B-42EF-9EA2-E8937E8BFD88}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip…{54528DCE-1BC5-4279-847C-5C1BF9090CE2}: NameServer = 195.114.161.55 195.114.181.130
Thanks for the help, cheers.
adam9870
(adam9870)
26 January 2006 18:45
#2
Where did you get such an old version of Hijack :?
Post a log from the latest version of the program, 1.99.1.
Download it from here:
http://dobreprogramy.pl/index.php?dz=19&id=730&t=55
Read this topic:
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
It clearly says there:
mariuszm0
(Mariuszm0)
26 January 2006 18:51
#3
OK, thanks, I'll download it right away and paste the log again :oops:
Logfile of HijackThis v1.99.1
Scan saved at 20:00:12, on 2006-01-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\spy sweeper\WRSSSDK.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EUROBA~1\erobar.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Draco Software\Draco Organizer 2\Organizer.exe
C:\Program Files\iolo\System Mechanic Professional 6\SysMech6.exe
E:\programy\wszystko na wirusy\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe”
O4 - Startup: Eurobarre.lnk = C:\Program Files\eurobarre\eb.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestSc … stscan.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/ … 3/myv3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house … hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot … r37540.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot … WebAAS.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/574/w … lashAX.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip…{4768AA7B-434B-42EF-9EA2-E8937E8BFD88}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip…{54528DCE-1BC5-4279-847C-5C1BF9090CE2}: NameServer = 195.114.161.55 195.114.181.130
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\SERV-U\SERVUD~1.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\spy sweeper\WRSSSDK.exe
from the new version
kuz5
(Kuz5)
26 January 2006 21:24
#4
Your log is OK.
Remove:
I suggest uninstalling Spyware Doctor.
Download the Ewido program, update it and run a scan.
mariuszm0
(Mariuszm0)
26 January 2006 21:46
#5
OK, thanks, I'll do what you wrote and tell you whether it helped.
That's probably not it, because that program found practically nothing and nothing has changed.
Gutek
(Gutek)
26 January 2006 23:04
#6
Reinstall XP
http://www.searchengines.pl/phpbb203/in … ntry109540
but what Picasso describes is not a format - you won't lose anything
mariuszm0
(Mariuszm0)
27 January 2006 18:21
#7
I did that before I posted this topic, but thanks for the tip 8)
Gutek
(Gutek)
27 January 2006 19:55
#8
So still nothing - drivers replaced???
Also take a look in the event log:
Start>>>Run>>>eventvwr any errors???
mariuszm0
(Mariuszm0)
27 January 2006 20:28
#9
I don't know if this is what you mean, but I have a few errors
TFTPd
application error
service control manager - this one occurs most often
system error
Gutek
(Gutek)
27 January 2006 20:31
#10
OK, but which file does the error in the event refer to?